Kubernetes Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Kubernetes etcd must have file permissions set to 644 or more restrictive.
<VulnDiscussion>The Kubernetes etcd key-value store provides a way to store data to the Control Plane. If these files can be changed, data to...Rule Medium Severity -
SRG-APP-000516-CTR-001335
<GroupDescription></GroupDescription>Group -
The Kubernetes admin kubeconfig must have file permissions set to 644 or more restrictive.
<VulnDiscussion>The Kubernetes admin kubeconfig files contain the arguments and settings for the Control Plane services. These services are c...Rule Medium Severity -
SRG-APP-000516-CTR-001335
<GroupDescription></GroupDescription>Group -
SRG-APP-000190-CTR-000500
<GroupDescription></GroupDescription>Group -
SRG-APP-000014-CTR-000035
<GroupDescription></GroupDescription>Group -
The Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
<VulnDiscussion>The Kubernetes Scheduler will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communica...Rule Medium Severity -
SRG-APP-000014-CTR-000040
<GroupDescription></GroupDescription>Group -
The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
<VulnDiscussion>The Kubernetes API Server will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communic...Rule Medium Severity -
SRG-APP-000014-CTR-000035
<GroupDescription></GroupDescription>Group -
The Kubernetes etcd must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL).
<VulnDiscussion>Kubernetes etcd PPS must be controlled and conform to the PPSM CAL. Those PPS that fall outside the PPSM CAL must be blocked....Rule Medium Severity -
The Kubernetes Scheduler must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL).
<VulnDiscussion>Kubernetes Scheduler PPS must be controlled and conform to the PPSM CAL. Those ports, protocols, and services that fall outsi...Rule Medium Severity -
The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.
<VulnDiscussion>Kubernetes etcd will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communication. Th...Rule Medium Severity -
SRG-APP-000014-CTR-000035
<GroupDescription></GroupDescription>Group -
SRG-APP-000142-CTR-000330
<GroupDescription></GroupDescription>Group -
SRG-APP-000142-CTR-000330
<GroupDescription></GroupDescription>Group -
The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.
<VulnDiscussion>The Kubernetes API Server will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communic...Rule Medium Severity -
SRG-APP-000023-CTR-000055
<GroupDescription></GroupDescription>Group -
The Kubernetes Controller Manager must create unique service accounts for each work payload.
<VulnDiscussion>The Kubernetes Controller Manager is a background process that embeds core control loops regulating cluster system state thro...Rule High Severity -
SRG-APP-000033-CTR-000090
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.